Use case for per-protocol icons

Ethan Blanton elb at pidgin.im
Sun Aug 5 15:14:07 EDT 2007


Steven Garrity spake unto us the following wisdom:
> H. Bons wrote:
> > Like Steven said, that's more of a case of indicating a 
> > secure connection. I did a Secure emblem for 2.0, isn't 
> > that one used in the buddy list? (it's a yellow chain 
> > lock)
> 
> I don't see any indication of encryption on my jabber accounts (that use 
> TLS). That said, I don't think this belongs in the buddy list. It would 
> belong in the chat window, if anywhere.

I feel like a broken record on this issue, but it's one that people
*need* to understand.

Your TLS Jabber connections _should not_ show up as secure, because
they are completely and utterly _insecure_ as far as Pidgin can know.
All Jabber with TLS tells you is that the connection from your client
to the server is encrypted, nothing more.  Specifically, it does _not_
tell you that a) the connection from the server to the buddy you are
chatting with is encrypted, or b) even if a) holds, the server is not
sending everything you say to a third party.

_If_ you have a private Jabber server, *and* you know that all parties
involved are connected directly to that server, *and* you trust the
server, you can be sure of a secure Jabber connection over TLS;
however, none of these things are quantifiable by a client.

There really is no substitute for end-to-end encryption.

Ethan

-- 
The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764